W3C home > Mailing lists > Public > www-font@w3.org > April to June 2010

RE: WebFonts WG discussions

From: Levantovsky, Vladimir <Vladimir.Levantovsky@MonotypeImaging.com>
Date: Fri, 7 May 2010 14:35:06 -0400
To: Tab Atkins Jr. <jackalmage@gmail.com>
CC: Matt Colyer <matt@typekit.com>, Erik van Blokland <erik@letterror.com>, "www-font@w3.org" <www-font@w3.org>
Message-ID: <7534F85A589E654EB1E44E5CFDC19E3D020819F889@wob-email-01.agfamonotype.org>
On Friday, May 07, 2010 12:08 PM Tab Atkins Jr. wrote:
> 
> On Fri, May 7, 2010 at 6:59 AM, Levantovsky, Vladimir wrote:
> > Sorry for a delayed response. The reason I proposed to consider
> adding
> > checksum is because the WOFF file contains extended and private
> metadata
> > fields that are currently can be easily discarded – one can simply
> cut them,
> > zero-out related offset/length values in the WOFF header and modify
> the WOFF
> > length. I realize that adding checksum isn’t going to be a strong
> protection
> > against willful modifications, the same could be done with the
> checksum
> > present, but it would require a bit of an effort (to write the code
> to
> > recalculate the checksum).
> 
> I believe that, by the time people are reaching into the file to cut
> out tables and modify several values, recalculating a checksum is
> trivial.  The operations and abilities required to do so are basically
> the same.
> 

Well, the key difference here is that I can discard metadata fields and zero-out their respective offset/length values using any HEX editor with no efforts. Recalculating a checksum does require writing a piece of code.

Regards,
Vlad

Received on Friday, 7 May 2010 18:34:25 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:37:34 UTC